CVE-2026-45252
- EPSS 0.28%
- Veröffentlicht 21.05.2026 10:16:26
- Zuletzt bearbeitet 21.05.2026 19:01:09
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed lis...
CVE-2026-45253
- EPSS 0.2%
- Veröffentlicht 21.05.2026 10:16:26
- Zuletzt bearbeitet 21.05.2026 19:01:01
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process...
CVE-2026-45254
- EPSS 0.19%
- Veröffentlicht 21.05.2026 10:16:26
- Zuletzt bearbeitet 21.05.2026 19:00:47
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subse...
CVE-2026-45255
- EPSS 0.31%
- Veröffentlicht 21.05.2026 10:16:26
- Zuletzt bearbeitet 21.05.2026 19:00:34
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled netw...
CVE-2026-39461
- EPSS 0.17%
- Veröffentlicht 21.05.2026 10:16:25
- Zuletzt bearbeitet 21.05.2026 19:01:35
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limi...
CVE-2026-45250
- EPSS 0.41%
- Veröffentlicht 21.05.2026 08:37:17
- Zuletzt bearbeitet 22.05.2026 08:16:14
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating i...
CVE-2026-35547
- EPSS 0.32%
- Veröffentlicht 30.04.2026 08:08:13
- Zuletzt bearbeitet 01.05.2026 16:16:30
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and...
CVE-2026-39457
- EPSS 0.15%
- Veröffentlicht 30.04.2026 08:01:49
- Zuletzt bearbeitet 01.05.2026 12:41:46
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able...
CVE-2026-42512
- EPSS 1.42%
- Veröffentlicht 30.04.2026 07:58:37
- Zuletzt bearbeitet 01.05.2026 16:16:32
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. ...
CVE-2026-7164
- EPSS 0.43%
- Veröffentlicht 30.04.2026 07:23:52
- Zuletzt bearbeitet 01.05.2026 12:46:59
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system wher...